mandiant / ARDvark

Related projects ⓘ

Alternatives and complementary repositories for ARDvark

• antman1p / PrintTCCdb
  JXA script for Mythic that prints the TCC.db
  ☆15Updated 3 years ago
• cedowens / Persistent-Swift
  A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…
  ☆30Updated 3 years ago
• TITO-Threat-Intel / TITO-Framework
  TITO is a light framework for operationalizing threat intelligence that is platform and data agnostic.
  ☆20Updated 4 years ago
• brokensound77 / toruk
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Updated 5 years ago
• its-a-feature / macos-popups
  Catalog Red Team techniques that cause popups in various macOS versions
  ☆14Updated 4 years ago
• cedowens / JXA-Runner
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆22Updated 3 years ago
• OTRF / bloodhound-notebooks
  Notebooks created to attack and secure Active Directory environments
  ☆27Updated 4 years ago
• bradleyjkemp / threathunting
  Assorted, MIT licensed, threat hunting rules from @bradleyjkemp
  ☆12Updated 2 years ago
• awgh / nfp
  Network Finger Printer
  ☆16Updated 7 years ago
• mattreduce / eddie
  Eddie Vetter - triage macOS applications for security research
  ☆16Updated 3 years ago
• cedowens / C2_Cradle
  Tool to download, install, and run macOS capable command & control servers (i.e., C2s with macOS payloads/clients) as docker containers f…
  ☆16Updated 3 years ago
• cedowens / Mythic-Macro-Generator
  Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens
  ☆44Updated 3 years ago
• StrangerealIntel / DeltaFlare
  ☆12Updated 3 years ago
• MythicAgents / typhon
  Payload designed for targeting Jamf enrolled devices.
  ☆35Updated last year
• cedowens / JXA-RemoveQuarantine
  JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…
  ☆17Updated 3 years ago
• k3idii / ION
  Indicators of Normality
  ☆12Updated 2 years ago
• cyberbutler / bash-logging-elk
  ☆19Updated 4 years ago
• CptOfEvilMinions / ThreatHuntingEQLandBro
  Threat hunting with EQL and Bro. This repo contains modifications to EQL and EQLLib to use BRO logs.
  ☆8Updated 5 years ago
• ahhh / macOS_profiles
  a collection of profiles for macOS designed for penetration testing or red teaming
  ☆28Updated 5 years ago
• 0xdeadbeefJERKY / mythic-deploy
  Automated deployment and configuration of a Mythic server using Terraform and Ansible
  ☆9Updated last year
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆16Updated 3 years ago
• scriptingislife / s3eker
  s3eker is an extensible way to find open S3 buckets.
  ☆17Updated 4 years ago
• davebremer / Export-SysmonLogs
  ☆11Updated 6 years ago
• skelsec / pypykatz-volatility3
  pypykatz plugin for volatility3 framework
  ☆31Updated 7 months ago
• automate-tim / conference-materials
  Speaking materials from conferences I've given
  ☆9Updated 2 years ago
• WithSecureLabs / FLAIR
  F-Secure Lightweight Acqusition for Incident Response (FLAIR)
  ☆16Updated 3 years ago
• c2defense / network-device-logs
  Analytics for Accounting logs from Network devices
  ☆16Updated 3 years ago
• ydkhatri / Appx-Analysis
  Scripts and tools created for appx analysis talk (Magnet summit 2019)
  ☆13Updated 8 months ago
• nccgroup / UninstalledAppCanary
  A Canary which fires when uninstalled
  ☆34Updated 3 years ago